Virtumonde



Daren10
2010-12-30, 01:55
After running Spybot offline and in Safe Mode, I was unable to remove Virtumonde (Trojan).

My browser is Firefox.

Would appreciate some help.

Thanks,
Daren10




DDS (Ver_10-12-12.02) - NTFSx86
Run by DAREN10 at 10:32:53.76 on Wed 12/29/2010
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.990.188 [GMT -8:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\WFXSVC.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINNT\system32\wfxsnt40.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\WINNT\system32\ylczkrsx.exe
C:\WINNT\system32\ProtEX32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\phonostar\ps_timer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\DAREN KISSLER\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {269fcc47-3d06-4169-afa8-892bc5bdb109} - c:\winnt\system32\fax70u.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {8fd2d674-1dd2-11b2-b98f-b440998f093e} - c:\winnt\system32\1vP4HsRI.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: TBSB04045 Class: {c6bfc16b-d6ff-47eb-b5d7-f91fb78f94ce} - c:\program files\ietoolbar\amazon toolbar\amazon.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Amazon Toolbar: {eeb30c11-df11-46df-b763-baf798ca65f3} - c:\program files\ietoolbar\amazon toolbar\amazon.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [OpAgent] "c:\program files\scansoft\omnipage15.0\OpAgent.exe" /agent
uRun: [PhonostarTimer] c:\program files\phonostar\ps_timer.exe
uRun: [DriverUpdaterPro] c:\program files\xpc tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [JDK5SWFMZY] c:\docume~1\darenk~1\locals~1\temp\Az1.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [POINTER] point32.exe
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [UpdReg] c:\winnt\Updreg.exe
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [QBCD Autorun] D:\autorun.exe restart TIMER_SEQUENCE first
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [SSBkgdUpdate] c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe -Embedding -boot
mRun: [Opware15] "c:\program files\scansoft\omnipage15.0\Opware15.exe"
mRun: [OpScheduler] "c:\program files\scansoft\omnipage15.0\OpScheduler.exe"
mRun: [trioService] "c:\progra~1\freeze.com\3d falling leaves\\trioService.exe "
mRun: [ylczkrsx.exe] c:\winnt\system32\ylczkrsx.exe
mRun: [Protections] c:\winnt\system32\ProtEX32.exe
mRun: [Ultimate Fixer] "c:\program files\ultimate fixer\UltimateFixer.exe" hide
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sta] rundll32 "ivmup.dll",,Run
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\contro~1.lnk - c:\program files\winfax\WFXCTL32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\mdt6\AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\mdt6\InstBanr.ocx
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\mdt6\InstFred.ocx
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\mdt6\AcPreview.ocx
TCP: NameServer = 208.67.220.220,208.67.222.222
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: fax70u - fax70u.dll
STS: doctordom: {d1577581-2ed7-469f-99b1-72c1339e0ee0} - c:\winnt\system32\hkushdr.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\winfax\WfxSeh32.Dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\darenk~1\applic~1\mozilla\firefox\profiles\33a26z6p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd184f5&v=6.010.006.004&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\daren kissler\application data\mozilla\firefox\profiles\33a26z6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPEltr32.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared
FF - Ext: XULRunner: {A050FD27-6921-4F86-9964-0DD8D3A92BBC} - c:\documents and settings\daren kissler\local settings\application data\{A050FD27-6921-4F86-9964-0DD8D3A92BBC}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2008-6-12 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\winnt\system32\drivers\avgmfx86.sys [2007-2-24 27784]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-12 297752]
R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [2003-7-14 24784]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2007-2-24 49776]
R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [2007-2-24 602128]
S1 gemwdm;AMD PowerNow! (tm) Technology;c:\winnt\system32\drivers\gemwdm.sys [2007-2-24 11456]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-11-3 517448]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2007-5-19 69120]

=============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 10:33:41.26 ===============
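
The DDS report above mixes legitimate vendor entries with autoruns that deserve a second look (an executable launched from the user's temp folder, a Run value named after its own file in system32, a BHO registered with no friendly name, a rundll32 entry that loads a DLL by bare name, and a Winlogon Notify DLL that doubles as a nameless BHO). The script below is an added triage example written for this page; it is not part of the thread, of DDS, or of any tool the helper asks for. It runs a few generic heuristics over a constructed excerpt laid out like the "Pseudo HJT Report" section, and every hit means "inspect this file", not "this is malware": the name-shape heuristic is deliberately conservative and still misses plausibly named items, and it is only applied to Run targets and BHO DLLs because legitimate vendor DLLs elsewhere (the AVG Notify entry, for instance) would trip it.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the DDS "Pseudo HJT Report" above.
# It is sample input for this script, not the full log from the post.
SAMPLE_LOG = r"""
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [JDK5SWFMZY] c:\docume~1\darenk~1\locals~1\temp\Az1.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [ylczkrsx.exe] c:\winnt\system32\ylczkrsx.exe
mRun: [Ultimate Fixer] "c:\program files\ultimate fixer\UltimateFixer.exe" hide
mRun: [sta] rundll32 "ivmup.dll",,Run
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {269fcc47-3d06-4169-afa8-892bc5bdb109} - c:\winnt\system32\fax70u.dll
BHO: {8fd2d674-1dd2-11b2-b98f-b440998f093e} - c:\winnt\system32\1vP4HsRI.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: fax70u - fax70u.dll
"""

# Line shapes used by the DDS pseudo-HJT section (uRun/mRun/dRun, BHO, Notify).
RUN_RE = re.compile(r'^[umd]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')
BHO_RE = re.compile(r'^BHO:\s*(?:(?P<name>.*?):\s*)?\{(?P<clsid>[0-9a-fA-F-]+)\}\s*-\s*(?P<path>.+)$')
NOTIFY_RE = re.compile(r'^Notify:\s*(?P<name>\S+)\s*-\s*(?P<dll>.+)$')
# rundll32 <dll>[,entry]: the DLL token ends at a quote or the first comma.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)
# First executable/DLL path in a command, quoted or not (paths may contain spaces).
TARGET_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr))(?:"|\s|$)', re.IGNORECASE)


def basename(path):
    return path.strip().replace('/', '\\').rsplit('\\', 1)[-1]


def looks_random(filename):
    """Crude name-shape check: a long consonant run, or digits mixed with
    frequent case flips. Conservative on purpose; vendor names like NvCpl pass."""
    stem = filename.rsplit('.', 1)[0]
    run = best = 0
    for ch in stem.lower():
        if not ch.isalpha():
            continue
        if ch in 'aeiou':
            run = 0
        else:
            run += 1
            best = max(best, run)
    case_changes = sum(
        1 for a, b in zip(stem, stem[1:])
        if a.isalpha() and b.isalpha() and a.isupper() != b.isupper()
    )
    has_digit = any(ch.isdigit() for ch in stem)
    return best >= 6 or (has_digit and case_changes >= 3)


def triage(log_text):
    """Return {lower-case file name: [reasons]} for entries worth a closer look."""
    findings = defaultdict(list)
    nameless_bho = set()
    notify_dlls = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group('name'), m.group('cmd').strip()
            rd = RUNDLL_RE.match(cmd)
            if rd:
                target = rd.group('dll').strip()
                if '\\' not in target:
                    findings[basename(target).lower()].append(
                        'rundll32 loads DLL by bare name; resolved through the DLL search path')
            else:
                t = TARGET_RE.match(cmd)
                if not t:
                    continue
                target = t.group('path')
            base = basename(target)
            low = target.lower()
            if '\\temp\\' in low or '%temp%' in low:
                findings[base.lower()].append('autorun target lives in a temp directory')
            if name.lower() == base.lower():
                findings[base.lower()].append('Run value is named after its own file')
            if '\\system32\\' in low and looks_random(base):
                findings[base.lower()].append('random-looking file name in system32')
            continue
        m = BHO_RE.match(line)
        if m:
            base = basename(m.group('path'))
            if not m.group('name'):
                nameless_bho.add(base.lower())
                findings[base.lower()].append('BHO registered without a friendly name')
            if looks_random(base):
                findings[base.lower()].append('random-looking BHO file name')
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify_dlls.append(basename(m.group('dll')).lower())
    # Second pass: a Winlogon Notify DLL that is also a nameless BHO is a strong signal.
    for dll in notify_dlls:
        if dll in nameless_bho:
            findings[dll].append('Winlogon Notify DLL is also a nameless BHO')
    return dict(findings)


if __name__ == '__main__':
    for file, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(file)
        for reason in reasons:
            print('  -', reason)
```

Run it as-is to see which of the constructed lines it singles out; to use it on a real DDS log, paste the pseudo-HJT section into `SAMPLE_LOG` or call `triage()` with the file contents. Items it does not flag (the "Ultimate Fixer" entry, for example) are not cleared by that silence; the heuristics only key on path and name shape, not on what the file does.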

ken545
2011-01-03, 23:15


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Your operating system is very outdated, leaving you open to many infections; you should upgrade if you can to at least XP. Some of the tools we use to remove this junk will not run on Win 2000.



Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.





Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Daren10
2011-01-04, 19:16
Did the scan 3 times with a re-boot each time. Included the results in this reply.

Thanks,
Daren10

Daren10
2011-01-04, 19:28
Just ran the scan for the 5th time and this time found no problems.

Thanks,
Daren

ken545
2011-01-04, 19:45
bitdownload <-- File sharing sites are very dangerous; you're downloading files from an unknown source, and some contain malicious code (as you can see by what's been removed). I am going to ask you to uninstall this program via Add/Remove Programs before we proceed any further, as I don't want to waste my time helping you only for you to get reinfected again.

When it's removed, run this program:


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Daren10
2011-01-04, 20:39
Didn't see "bitdownload" in Add/Remove Programs. Included a screenshot of my Add/Remove list.

Are we good to go?

Thanks,
Daren

ken545
2011-01-04, 20:59
Well, I asked for an OTL log, but if you feel you're OK, let me know and I will close this thread.

Daren10
2011-01-04, 21:35
OTL logfile created on: 1/4/2011 11:13:13 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\DAREN10\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 4072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 67.25 Gb Free Space | 52.55% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: DAREN10 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\DAREN10\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\phonostar\ps_timer.exe (phonostar)
PRC - C:\WINNT\system32\ylczkrsx.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
PRC - C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe (ScanSoft, Inc.)
PRC - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe (Advanced Micro Devices)
PRC - C:\WINNT\system32\mstask.exe (Microsoft Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\stisvc.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\hidserv.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft Hardware\Mouse\point32.exe (Microsoft Corporation)
PRC - C:\Program Files\WinFax\WFXCTL32.EXE ()
PRC - C:\Program Files\WinFax\WFXMOD32.EXE (Symantec Corporation)
PRC - C:\WINNT\system32\WFXSVC.EXE (Symantec Corporation)
PRC - C:\WINNT\system32\WFXSNT40.EXE (Microsoft Corporation)
PRC - C:\WINNT\system32\devldr32.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\DAREN10\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\ScanSoft\OmniPage15.0\OpHook15.dll (ScanSoft, Inc.)
MOD - C:\WINNT\system32\lz32.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Hardware\Mouse\point32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe ()
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (ForcewareWebInterface) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (KodakCCS) -- C:\WINNT\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (GemServ) AMD PowerNow! (tm) -- C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe (Advanced Micro Devices)
SRV - (Schedule) -- C:\WINNT\system32\mstask.exe (Microsoft Corporation)
SRV - (WinMgmt) -- C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
SRV - (dmadmin) -- C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SRV - (Fax) -- C:\WINNT\system32\faxsvc.exe (Microsoft Corporation)
SRV - (RemoteRegistry) -- C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
SRV - (StiSvc) -- C:\WINNT\system32\stisvc.exe (Microsoft Corporation)
SRV - (UtilMan) -- C:\WINNT\system32\utilman.exe (Microsoft Corporation)
SRV - (HidServ) -- C:\WINNT\system32\hidserv.exe (Microsoft Corporation)
SRV - (wfxsvc) -- C:\WINNT\system32\WFXSVC.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (VNUSB) -- C:\WINNT\System32\DRIVERS\VNUSB.sys File not found
DRV - (SenFiltService) -- C:\WINNT\System32\drivers\Senfilt.sys File not found
DRV - (AEAudioService) -- C:\WINNT\System32\drivers\AEAudio.sys File not found
DRV - (ADIHdAudAddService) -- C:\WINNT\System32\drivers\ADIHdAud.sys File not found
DRV - (AvgLdx86) -- C:\WINNT\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINNT\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (CdaC15BA) -- C:\WINNT\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (AFS2K) -- C:\WINNT\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (nv) -- C:\WINNT\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (BVRPMPR5) -- C:\WINNT\system32\drivers\BVRPMPR5.SYS (BVRP Software)
DRV - (nvnetbus) -- C:\WINNT\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINNT\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINNT\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (Cdralw2k) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_2K) -- C:\WINNT\System32\drivers\cdr4_2k.sys (Sonic Solutions)
DRV - (DcCam) -- C:\WINNT\system32\drivers\DcCam.sys (Eastman Kodak Company)
DRV - (Exportit) -- C:\WINNT\system32\drivers\ExportIt.sys (Eastman Kodak Company)
DRV - (DcPTP) -- C:\WINNT\system32\drivers\DcPtp.sys (Eastman Kodak Company)
DRV - (DcLps) -- C:\WINNT\system32\drivers\DcLps.sys (Eastman Kodak Company)
DRV - (DCFS2K) -- C:\WINNT\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
DRV - (DcFpoint) -- C:\WINNT\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
DRV - (HDAudBus) -- C:\WINNT\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HdAudAddService) -- C:\WINNT\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (MTsensor) -- C:\WINNT\system32\drivers\ASACPI.sys ()
DRV - (MPE) -- C:\WINNT\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gemwdm) AMD PowerNow! (tm) -- C:\WINNT\system32\drivers\gemwdm.sys (Advanced Micro Devices)
DRV - (dmboot) -- C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
DRV - (dmio) -- C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
DRV - (Parallel) -- C:\WINNT\system32\drivers\parallel.sys (Microsoft Corporation)
DRV - (EFS) -- C:\WINNT\System32\drivers\efs.sys (Microsoft Corporation)
DRV - (openhci) -- C:\WINNT\system32\drivers\openhci.sys (Microsoft Corporation)
DRV - (RCA) -- C:\WINNT\system32\drivers\rca.sys (Microsoft Corporation)
DRV - (NetDetect) -- C:\WINNT\system32\drivers\netdtect.sys (Microsoft Corporation)
DRV - (Diskperf) -- C:\WINNT\System32\drivers\diskperf.sys (Microsoft Corporation)
DRV - (dmload) -- C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
DRV - (usbhub20) -- C:\WINNT\system32\drivers\usbhub20.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINNT\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (IPFilter) -- C:\WINNT\system32\drivers\ipfilter.sys (Microsoft Corporation)
DRV - (emu10k) Creative SB Live! series(WDM) -- C:\WINNT\system32\drivers\emu10k1f.sys (Creative Technology Ltd.)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINNT\system32\drivers\sfman.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINNT\system32\drivers\ctljystk.sys (Microsoft Corporation)
DRV - (ms_mpu401) -- C:\WINNT\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (Winacpci) -- C:\WINNT\system32\drivers\winacpci.sys (Conexant)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINNT\system32\drivers\ctlface.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {A050FD27-6921-4F86-9964-0DD8D3A92BBC}:1.9.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cd184f5&v=6.010.006.004&i=29&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 09:00:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/11/03 07:51:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A050FD27-6921-4F86-9964-0DD8D3A92BBC}: C:\Documents and Settings\DAREN10\Local Settings\Application Data\{A050FD27-6921-4F86-9964-0DD8D3A92BBC} [2010/07/17 14:53:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 09:05:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 09:05:31 | 000,000,000 | ---D | M]

[2008/09/04 13:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAREN10\Application Data\Mozilla\Extensions
[2011/01/03 20:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAREN10\Application Data\Mozilla\Firefox\Profiles\33a26z6p.default\extensions
[2010/09/16 16:10:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\DAREN10\Application Data\Mozilla\Firefox\Profiles\33a26z6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/07 20:01:49 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\DAREN10\Application Data\Mozilla\Firefox\Profiles\33a26z6p.default\searchplugins\search.xml
[2011/01/03 20:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/01 15:30:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/19 10:26:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/03 10:55:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/07/17 14:53:29 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\DAREN10\LOCAL SETTINGS\APPLICATION DATA\{A050FD27-6921-4F86-9964-0DD8D3A92BBC}
[2009/12/21 09:00:31 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2010/11/03 07:51:15 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.010.006.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/01/02 11:42:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/03 08:26:34 | 000,053,248 | ---- | M] (UPS) -- C:\Program Files\Mozilla Firefox\plugins\NPEltr32.dll

O1 HOSTS File: ([2003/07/14 04:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {8fd2d674-1dd2-11b2-b98f-b440998f093e} - C:\WINNT\System32\1vP4HsRI.dll File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll File not found
O2 - BHO: (TBSB04045 Class) - {C6BFC16B-D6FF-47EB-B5D7-F91FB78F94CE} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Amazon Toolbar) - {EEB30C11-DF11-46DF-B763-BAF798CA65F3} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Amazon Toolbar) - {EEB30C11-DF11-46DF-B763-BAF798CA65F3} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Amazon Toolbar) - {EEB30C11-DF11-46DF-B763-BAF798CA65F3} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINNT\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpScheduler] C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe File not found
O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [POINTER] File not found
O4 - HKLM..\Run: [QBCD Autorun] D:\autorun.exe File not found
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [trioService] C:\PROGRA~1\Freeze.com\3D Falling Leaves\trioService.exe File not found
O4 - HKLM..\Run: [UpdReg] C:\WINNT\Updreg.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINNT\System32\WFXSNT40.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ylczkrsx.exe] C:\WINNT\system32\ylczkrsx.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKCU..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\MDT6\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\MDT6\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\MDT6\InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\MDT6\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.2 4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {d1577581-2ed7-469f-99b1-72c1339e0ee0} - doctordom - C:\WINNT\System32\hkushdr.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\DAREN10\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DAREN10\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/24 14:29:47 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/04 10:16:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAREN10\Desktop\OTL.exe
[2011/01/03 17:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAREN10\Application Data\Malwarebytes
[2011/01/03 17:02:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2011/01/03 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/03 17:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/03 17:02:02 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/01/03 17:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/30 16:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/12/29 10:27:02 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010/12/29 10:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/29 10:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2007/02/24 16:08:51 | 000,059,392 | ---- | C] ( ) -- C:\WINNT\System32\a3d.dll
[5 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\Documents and Settings\DAREN10\My Documents\*.tmp files -> C:\Documents and Settings\DAREN10\My Documents\*.tmp -> ]
[10 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/04 11:12:12 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_7b0.dat
[2011/01/04 11:10:47 | 000,088,556 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2011/01/04 11:10:21 | 000,000,896 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/04 11:09:42 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat
[2011/01/04 10:56:30 | 000,922,406 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2011/01/04 10:34:00 | 000,000,900 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/04 10:31:31 | 000,036,829 | ---- | M] () -- C:\Documents and Settings\DAREN10\Desktop\Image1.gif
[2011/01/04 10:26:44 | 000,002,474 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 9.lnk
[2011/01/04 10:17:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAREN10\Desktop\OTL.exe
[2011/01/04 09:46:37 | 069,705,665 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2011/01/04 09:45:40 | 000,933,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/01/04 09:45:40 | 000,504,832 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/01/04 08:28:05 | 000,000,324 | ---- | M] () -- C:\WINNT\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/01/03 17:02:06 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/03 09:49:24 | 000,142,495 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg
[2011/01/03 09:49:23 | 006,061,540 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\avi7.avg
[2011/01/03 09:49:23 | 000,492,629 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\miniavi.avg
[2011/01/03 06:43:36 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/12/29 15:46:38 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\DAREN10\Desktop\Attach.zip
[2010/12/29 15:35:45 | 000,016,799 | ---- | M] () -- C:\Documents and Settings\DAREN10\Desktop\Spybot - Search & Destroy scan report.pdf
[2010/12/29 10:31:36 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\DAREN10\Desktop\dds.com
[2010/12/29 10:22:03 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\DAREN10\Desktop\ERUNT.lnk
[2010/12/27 10:42:53 | 000,000,055 | ---- | M] () -- C:\WINNT\ccolwiz.ini
[2010/12/24 19:05:17 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\DAREN10\My Documents\Color test YBR.pub
[2010/12/22 11:46:52 | 006,030,422 | ---- | M] () -- C:\Documents and Settings\DAREN10\Desktop\religouschristmasmusic.wav
[2010/12/21 09:37:00 | 000,534,894 | ---- | M] () -- C:\Documents and Settings\DAREN10\Desktop\ENG_CS_82004_FASTON_Housings_1007.pdf
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:38 | 000,019,288 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/12/17 17:21:57 | 003,017,084 | ---- | M] () -- C:\Documents and Settings\DAREN10\Desktop\Porque_los_arabes_lanzan_piedras.wmv
[2010/12/17 10:13:51 | 006,695,902 | ---- | M] () -- C:\Documents and Settings\DAREN10\Desktop\seabreacher.wmv
[2010/12/14 08:35:10 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_810.dat
[2010/12/10 14:22:22 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\DAREN10\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/10 14:21:46 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_8d4.dat
[2010/12/08 13:37:38 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5cc.dat
[2010/12/08 13:34:44 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_360.dat
[2010/12/08 11:02:15 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\DAREN10\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/06 10:10:35 | 000,519,168 | ---- | M] () -- C:\Documents and Settings\DAREN10\My Documents\Morgan Sail Boat.doc
[5 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\Documents and Settings\DAREN10\My Documents\*.tmp files -> C:\Documents and Settings\DAREN10\My Documents\*.tmp -> ]
[10 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/04 11:12:12 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_7b0.dat
[2011/01/04 11:09:42 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat
[2011/01/04 10:31:31 | 000,036,829 | ---- | C] () -- C:\Documents and Settings\DAREN10\Desktop\Image1.gif
[2011/01/03 17:02:06 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/29 15:46:38 | 000,002,343 | ---- | C] () -- C:\Documents and Settings\DAREN10\Desktop\Attach.zip
[2010/12/29 15:35:43 | 000,016,799 | ---- | C] () -- C:\Documents and Settings\DAREN10\Desktop\Spybot - Search & Destroy scan report.pdf
[2010/12/29 10:31:28 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\DAREN10\Desktop\dds.com
[2010/12/29 10:22:03 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\DAREN10\Desktop\ERUNT.lnk
[2010/12/28 13:06:39 | 000,922,406 | -H-- | C] () -- C:\WINNT\ShellIconCache
[2010/12/22 11:46:51 | 006,030,422 | ---- | C] () -- C:\Documents and Settings\DAREN10\Desktop\religouschristmasmusic.wav
[2010/12/21 09:37:00 | 000,534,894 | ---- | C] () -- C:\Documents and Settings\DAREN10\Desktop\ENG_CS_82004_FASTON_Housings_1007.pdf
[2010/12/17 17:21:57 | 003,017,084 | ---- | C] () -- C:\Documents and Settings\DAREN10\Desktop\Porque_los_arabes_lanzan_piedras.wmv
[2010/12/17 10:13:49 | 006,695,902 | ---- | C] () -- C:\Documents and Settings\DAREN10\Desktop\seabreacher.wmv
[2010/12/14 08:35:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_810.dat
[2010/12/10 14:21:46 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_8d4.dat
[2010/12/08 13:37:38 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5cc.dat
[2010/12/08 13:34:44 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_360.dat
[2010/12/06 10:10:33 | 000,519,168 | ---- | C] () -- C:\Documents and Settings\DAREN10\My Documents\Morgan Sail Boat.doc
[2009/08/28 14:02:22 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/08/26 11:03:56 | 000,000,022 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2009/01/17 10:38:42 | 000,000,000 | ---- | C] () -- C:\WINNT\Irremote.ini
[2008/12/31 11:15:50 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2008/07/09 14:18:00 | 000,000,288 | ---- | C] () -- C:\WINNT\wininit.ini
[2007/08/07 17:10:52 | 000,000,055 | ---- | C] () -- C:\WINNT\ccolwiz.ini
[2007/07/30 16:07:37 | 000,000,034 | ---- | C] () -- C:\WINNT\render.ini
[2007/07/18 18:26:35 | 000,000,000 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2007/05/22 23:05:08 | 023,948,677 | -HS- | C] () -- C:\WINNT\iihjkj.ini
[2007/05/22 21:50:54 | 000,828,563 | -HS- | C] () -- C:\WINNT\yayyyb.ini
[2007/04/18 16:35:52 | 000,000,270 | ---- | C] () -- C:\WINNT\hpqcopy.INI
[2007/03/08 19:08:06 | 000,000,000 | ---- | C] () -- C:\WINNT\plclient.INI
[2007/03/06 16:53:36 | 000,000,399 | ---- | C] () -- C:\WINNT\MAXLINK.INI
[2007/02/25 12:13:19 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\cpwmon2k.dll
[2007/02/25 09:28:20 | 000,000,028 | ---- | C] () -- C:\WINNT\ICOA.INI
[2007/02/25 09:28:13 | 000,000,000 | ---- | C] () -- C:\WINNT\QFN.ini
[2007/02/25 09:28:13 | 000,000,000 | ---- | C] () -- C:\WINNT\QDQICK.ini
[2007/02/25 09:22:02 | 000,000,064 | ---- | C] () -- C:\WINNT\QBWCD.INI
[2007/02/25 09:10:08 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2007/02/24 21:00:17 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2007/02/24 21:00:17 | 000,000,540 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2007/02/24 20:52:25 | 000,009,136 | ---- | C] () -- C:\WINNT\System32\INETWH16.DLL
[2007/02/24 20:08:58 | 000,000,985 | ---- | C] () -- C:\WINNT\ODBC.INI
[2007/02/24 19:54:16 | 000,000,000 | ---- | C] () -- C:\WINNT\WTNSETUP.INI
[2007/02/24 19:47:13 | 000,037,888 | ---- | C] () -- C:\WINNT\System32\DCCWFP32.DLL
[2007/02/24 19:47:13 | 000,000,250 | ---- | C] () -- C:\WINNT\WINFAX.INI
[2007/02/24 19:47:11 | 000,017,920 | ---- | C] () -- C:\WINNT\System32\IMPLODE.DLL
[2007/02/24 16:08:41 | 000,035,328 | ---- | C] () -- C:\WINNT\System32\INETWH32.DLL
[2007/02/24 16:08:41 | 000,000,231 | ---- | C] () -- C:\WINNT\ac3api.ini
[2007/02/24 15:46:30 | 000,019,373 | ---- | C] () -- C:\WINNT\Ascd_tmp.ini
[2007/02/24 15:38:45 | 000,019,615 | ---- | C] () -- C:\WINNT\Ascd_log.ini
[2007/02/24 15:38:15 | 000,005,810 | R--- | C] () -- C:\WINNT\System32\drivers\ASACPI.sys
[2007/02/24 15:38:03 | 000,005,824 | ---- | C] () -- C:\WINNT\System32\drivers\ASUSHWIO.SYS
[2007/02/24 14:29:27 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2007/02/24 06:03:11 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINNT\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINNT\System32\nvapi.dll
[2003/07/14 04:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2003/07/14 04:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2003/07/14 04:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2003/07/14 04:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2003/07/14 04:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2000/09/18 16:50:28 | 000,202,752 | ---- | C] () -- C:\WINNT\System32\zlib.dll
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINNT\System32\KodakOneTouch.dll
[1999/09/25 02:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 02:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[1998/01/12 00:00:00 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/11/03 07:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/05/19 22:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2007/12/28 09:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/02/24 20:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2007/03/08 19:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/03/01 09:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAREN10\Application Data\Autodesk
[2009/05/07 10:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAREN10\Application Data\AVGTOOLBAR
[2007/06/19 17:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAREN10\Application Data\BitDownload
[2008/07/09 18:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAREN10\Application Data\NCH Swift Sound
[2008/07/17 06:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAREN10\Application Data\phonostar-Player
[2007/03/08 19:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAREN10\Application Data\ScanSoft
[2007/02/25 09:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAREN10\Application Data\Simple Star
[2008/07/09 09:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAREN10\Application Data\Toolbars

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 8964 bytes -> C:\Documents and Settings\DAREN10\Desktop\SWOfficePremium_VideoVault.html:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 8404 bytes -> C:\Documents and Settings\DAREN10\Desktop\b_212.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7940 bytes -> C:\Documents and Settings\DAREN10\Desktop\Corporate Officer Exemption Form.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7840 bytes -> C:\Documents and Settings\DAREN10\Desktop\mtrs.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7488 bytes -> C:\Documents and Settings\DAREN10\Desktop\resalecertificate_e.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6560 bytes -> C:\Documents and Settings\DAREN10\Desktop\TobinPricelist2006-07.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6524 bytes -> C:\Documents and Settings\DAREN10\Desktop\First correspondence.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6168 bytes -> C:\Documents and Settings\DAREN10\Desktop\Hardinge Collets.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3116 bytes -> C:\Documents and Settings\DAREN10\Desktop\HPDesignJet350C.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1724 bytes -> C:\Documents and Settings\All Users\Desktop\Free Games & Music.url:Q30lsldxJoudresxAaaqpcawXc

< End of report >
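The OTL.txt log above is long, and most of it is noise: legitimate vendor entries, perflib scratch files, old driver leftovers. What a helper reading it actually does is mechanical, so here is that triage written out as a small script. This is an added example, not part of the original post and not code from OldTimer's OTL. The input is a handful of lines copied from the log above (constructed sample, not a live parse), and the heuristics are assumptions chosen for illustration: an autostart entry (O2/O4/O22 and the like) whose target is reported "File not found" is an orphaned registry reference; an entry in System32 with an empty company string (OTL prints version information in the parentheses, not an Authenticode check) and a consonant-heavy, dictionary-free name is worth a manual look; and an alternate data stream name other than the familiar Zone.Identifier that recurs across many unrelated files is worth grouping and counting. None of these flags proves malware, which is why the script only returns candidates.

```python
"""Triage heuristics over OTL-style log lines (added example, not OTL's own code)."""
import re
from collections import Counter

# Constructed sample: lines copied from the OTL.txt log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {8fd2d674-1dd2-11b2-b98f-b440998f093e} - C:\WINNT\System32\1vP4HsRI.dll File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [ylczkrsx.exe] C:\WINNT\system32\ylczkrsx.exe ()
O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINNT\System32\WFXSNT40.EXE (Microsoft Corporation)
O22 - SharedTaskScheduler: {d1577581-2ed7-469f-99b1-72c1339e0ee0} - doctordom - C:\WINNT\System32\hkushdr.dll File not found
@Alternate Data Stream - 8964 bytes -> C:\Documents and Settings\DAREN10\Desktop\SWOfficePremium_VideoVault.html:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1724 bytes -> C:\Documents and Settings\All Users\Desktop\Free Games & Music.url:Q30lsldxJoudresxAaaqpcawXc
"""

# An autostart line: "Onn - ... <drive>:\...\<file>.<ext>" followed by either
# "File not found" or OTL's company string in parentheses (may be empty: "()").
ENTRY_RE = re.compile(
    r"^O(?P<section>\d+)\s-\s.*?(?P<path>[A-Za-z]:\\[^\r\n]*?\.(?P<ext>exe|dll|ocx|sys))"
    r"\s*(?:(?P<missing>File not found)|\((?P<publisher>[^()]*)\))\s*$",
    re.IGNORECASE,
)
# An ADS line: size, host file, and the stream name after the last colon.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<file>.+):(?P<stream>[^:\\]+)$"
)
SYSTEM_DIRS = ("\\winnt\\system32\\", "\\windows\\system32\\")
EXPECTED_STREAMS = {"Zone.Identifier"}  # Attachment Manager marker on downloads


def vowel_ratio(stem: str) -> float:
    """Share of vowels among the letters of a file stem (1.0 if no letters)."""
    letters = [c for c in stem if c.isalpha()]
    if not letters:
        return 1.0
    return sum(c.lower() in "aeiou" for c in letters) / len(letters)


def looks_random(stem: str) -> bool:
    """Crude pseudo-random-name check: 7+ chars and under 25% vowels.
    Heuristic only (assumption for this example), e.g. 'ylczkrsx' -> True, 'avgtray' -> False."""
    return len(stem) >= 7 and vowel_ratio(stem) < 0.25


def parse_entries(text: str):
    """Yield dicts for every autostart line the regex recognises; other lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield {
                "section": int(m["section"]),
                "path": m["path"],
                "missing": m["missing"] is not None,
                "publisher": (m["publisher"] or "").strip(),
                "line": line.strip(),
            }


def triage(text: str):
    """Return (reason, filename, original line) for entries a human should look at."""
    findings = []
    for e in parse_entries(text):
        fname = e["path"].rsplit("\\", 1)[-1]
        stem = fname.rsplit(".", 1)[0]
        in_system32 = any(d in e["path"].lower() for d in SYSTEM_DIRS)
        if e["missing"]:
            # Registry still points at a file that is gone: orphaned reference.
            findings.append(("orphaned", fname, e["line"]))
        elif in_system32 and not e["publisher"] and looks_random(stem):
            # Lives in System32, no company string, name with no word structure.
            findings.append(("no-publisher-random-name", fname, e["line"]))
    return findings


def ads_summary(text: str):
    """Group unexpected alternate data streams by stream name -> (count, total bytes)."""
    counts, sizes = Counter(), Counter()
    for line in text.splitlines():
        m = ADS_RE.match(line.strip())
        if m and m["stream"] not in EXPECTED_STREAMS:
            counts[m["stream"]] += 1
            sizes[m["stream"]] += int(m["size"])
    return {s: (counts[s], sizes[s]) for s in counts}


if __name__ == "__main__":
    for reason, fname, line in triage(SAMPLE_LOG):
        print(f"{reason:26} {fname:16} {line}")
    for stream, (n, total) in ads_summary(SAMPLE_LOG).items():
        print(f"ADS {stream}: {n} files, {total} bytes")
```

Run on the sample, the script leaves the Adobe, AVG, NVIDIA (nwiz.exe has an empty company string but a short, ordinary name) and WinFax entries alone, flags the two "File not found" references as orphaned, and flags ylczkrsx.exe for review; the ADS pass reports one stream name shared by both desktop files. The thresholds are deliberately loose and should be read as a sorting aid for the full log, not as a verdict on any file.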

Daren10
2011-01-04, 21:37
OTL Extras logfile created on: 1/4/2011 11:13:13 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\DAREN10\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 4072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 67.25 Gb Free Space | 52.55% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: DAREN10 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3D3C6E58-7BAA-11D5-8F8F-0010A4EC0ADE}" = ZebraNet Utilities
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5071E947-0232-4B91-B926-CD77E7DD569C}" = BobCAD-CAM V21
"{55638DD9-D5A9-11D3-B74B-204C4F4F5020}" = AMD's Cool'n'Quiet (tm) Technology Version 1.0.8
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-0103-0409-0000-0060B0CE6BBA}" = Mechanical Desktop 6
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}" = HP Photo and Imaging 2.2 - Scanjet 3970 Series
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9183BD11-101E-11D6-B7C9-005004566E4D}" = ViewSonic Windows 2K Signed Files
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}" = UPS Thermal Printer Plugin - Version 7.96
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}" = Dragon NaturallySpeaking 8
"{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}" = Garmin POI Loader
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"{E9DCA3A9-7478-427C-9E98-765D980EF053}" = ScanSoft OmniPage 15.0
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnswerWorks" = AnswerWorks Runtime
"Audacity 1.3 Beta_is1" = Audacity 1.3.0
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"CutePDF Writer Installation" = CutePDF Writer 2.5
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn
"FLV Player" = FLV Player 2.0, build 23
"FLVPlayer" = FLV Player 1.3.3
"HP DeskJet 1220C Printer" = HP DeskJet 1220C Printer
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire 4.14.10
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"NVIDIA Drivers" = NVIDIA Drivers
"Office In Color" = Office In Color
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.0
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"QuickBooks 99" = QuickBooks Pro 99
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sound Blaster Live!" = Sound Blaster Live!
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"STA.qst_ENU" = Dex Yellow & White Pages v4.5.4
"Stamp" = Stamp Uninstall
"Switch" = Switch
"TBSB04045.TBSB04045Toolbar" = Amazon Toolbar
"ToolBox" = NCH Toolbox Uninstall
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"Videora iPod classic Converter" = Videora iPod classic Converter 3.07
"WinFax" = Symantec WinFax PRO
"WinZip" = WinZip
"WMP7" = Windows Media Player system update (9 Series)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2011 9:34:20 AM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 1/4/2011 10:35:00 AM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 1/4/2011 11:34:24 AM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 1/4/2011 12:34:22 PM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 1/4/2011 1:42:09 PM | Computer Name = OFFICE | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 1/4/2011 1:54:41 PM | Computer Name = OFFICE | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 1/4/2011 2:08:41 PM | Computer Name = OFFICE | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 1/4/2011 2:47:17 PM | Computer Name = OFFICE | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 1/4/2011 2:58:21 PM | Computer Name = OFFICE | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 1/4/2011 3:09:53 PM | Computer Name = OFFICE | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

[ System Events ]
Error - 1/4/2011 2:50:21 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/4/2011 2:50:38 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register
with DCOM within the required timeout.

Error - 1/4/2011 3:00:21 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 1/4/2011 3:01:08 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register
with DCOM within the required timeout.

Error - 1/4/2011 3:01:26 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/4/2011 3:01:38 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register
with DCOM within the required timeout.

Error - 1/4/2011 3:11:54 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 1/4/2011 3:12:38 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register
with DCOM within the required timeout.

Error - 1/4/2011 3:12:53 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 1/4/2011 3:13:09 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register
with DCOM within the required timeout.


< End of report >

ken545
2011-01-04, 23:28
You have a few suspicious files on your system, let's check them before we remove them


You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis, just use the BROWSE feature and then Send File , you will get a report back, post the report into this thread for me to see. If the site says this file has already been checked, have them check it again

C:\WINNT\iihjkj.ini
C:\WINNT\yayyyb.ini
C:\WINNT\System32\1vP4HsRI.dll
C:\WINNT\system32\ylczkrsx.exe


If the site is busy you can try this one
http://virusscan.jotti.org/en

Daren10
2011-01-05, 00:57
This first file is too large for Virus Total and no response from Jotti. Will keep trying.
C:\WINNT\iihjkj.ini


Couldn't find this file. Also used the search tool
C:\WINNT\System32\1vP4HsRI.dll

ken545
2011-01-05, 01:54
The first two have to go, let's check these two

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:File
C:\WINNT\iihjkj.ini
C:\WINNT\System32\1vP4HsRI.dll


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Daren10
2011-01-05, 02:07
SystemLook.exe wouldn't run. Got the following error.
Tried both download sites.


---------------------------
SystemLook.exe - Entry Point Not Found
---------------------------
The procedure entry point IsWow64Process could not be located in the dynamic link library KERNEL32.dll.
---------------------------
OK
---------------------------

ken545
2011-01-05, 02:20
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\ylczkrsx.exe ()
[2007/05/22 23:05:08 | 023,948,677 | -HS- | C] () -- C:\WINNT\iihjkj.ini
[2007/05/22 21:50:54 | 000,828,563 | -HS- | C] () -- C:\WINNT\yayyyb.ini

:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.



Let me know also how you feel your system is running now?

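The selection above follows a simple analyst heuristic: OTL prints a company string in parentheses for every process and file, and the entries ken545 pulled out are the ones that sit inside the Windows directory with an empty publisher, with hidden+system attributes set, or with a size that makes no sense for the file type (a 23 MB .ini). The script below is an added example, not part of the thread and not OTL's own code: it parses OTL-format lines and applies those rules. The sample lines for spoolsv.exe and example.dll are constructed for contrast; the other four repeat entries from the thread. The 1 MB .ini threshold is an assumption chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in OTL's log format. The ylczkrsx.exe, iihjkj.ini and
# yayyyb.ini lines repeat entries from the thread; spoolsv.exe and
# example.dll are benign lines made up here so the rules have something to pass.
SAMPLE_LOG = """\
PRC - C:\\WINNT\\system32\\spoolsv.exe (Microsoft Corporation)
PRC - C:\\WINNT\\system32\\ylczkrsx.exe ()
[2007/05/22 23:05:08 | 023,948,677 | -HS- | C] () -- C:\\WINNT\\iihjkj.ini
[2007/05/22 21:50:54 | 000,828,563 | -HS- | C] () -- C:\\WINNT\\yayyyb.ini
[2010/12/01 08:00:00 | 000,012,345 | ---- | M] (Microsoft Corporation) -- C:\\WINNT\\system32\\example.dll
"""

# File entry: [date time | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Running process entry: PRC - path (company)
PRC_RE = re.compile(r"^PRC - (?P<path>.+?) \((?P<company>[^)]*)\)$")

INI_SIZE_LIMIT = 1_000_000  # assumption: no real .ini is anywhere near 1 MB


@dataclass
class Finding:
    path: str
    reasons: List[str]


def parse_size(field: str) -> int:
    """OTL writes sizes as zero-padded, comma-grouped decimals, e.g. 023,948,677."""
    return int(field.replace(",", ""))


def under(path: str, root: str) -> bool:
    """Case-insensitive 'path lives below root' test for Windows paths."""
    return path.lower().startswith(root.lower().rstrip("\\") + "\\")


def triage(log_text: str, system_root: str = "C:\\WINNT") -> List[Finding]:
    """Apply the thread's heuristics to OTL process and file lines."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()

        m = PRC_RE.match(line)
        if m:
            path, company = m["path"], m["company"].strip()
            if not company and under(path, system_root):
                findings.append(Finding(path, [
                    "running process with no publisher string inside the Windows directory"]))
            continue

        m = FILE_RE.match(line)
        if not m:
            continue  # headers, blank lines, other sections
        path, company, attrs = m["path"], m["company"].strip(), m["attrs"]
        size = parse_size(m["size"])
        reasons = []
        if "H" in attrs and "S" in attrs and not company and under(path, system_root):
            reasons.append("hidden+system file with no publisher string inside the Windows directory")
        if path.lower().endswith(".ini") and size > INI_SIZE_LIMIT:
            reasons.append(f".ini file of {size} bytes is far larger than any plain config file")
        if reasons:
            findings.append(Finding(path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

The rules are deliberately narrow: a missing company string on its own is common for legitimate third-party files, so the script only raises it in combination with location (Windows directory) or attributes (hidden and system together), which is the same combination that made these entries stand out in the thread. Hits are a list for manual review and a VirusTotal lookup, not a delete list.
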
Daren10
2011-01-05, 02:42
My system is running faster! Thanks!




All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named ylczkrsx.exe was found!
C:\WINNT\iihjkj.ini moved successfully.
C:\WINNT\yayyyb.ini moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: DAREN10
->Temp folder emptied: 120425800 bytes
->Temporary Internet Files folder emptied: 164838 bytes
->Java cache emptied: 102478283 bytes
->FireFox cache emptied: 80998834 bytes
->Flash cache emptied: 144968 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: SYSTEM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 19611136 bytes
%systemroot% .tmp files removed: 3656785 bytes
%systemroot%\System32 .tmp files removed: 2796049 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5021882 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 320.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01042011_162942

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ken545
2011-01-05, 03:19
Great :bigthumb:


How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

Daren10
2011-01-05, 03:27
Is there anything we can do to prevent this computer from locking up when installing windows updates?

ken545
2011-01-05, 03:40
Not sure but I believe the updates for Win 2000 ended on 13 July 2010.

You may want to post here in this windows forum for help, like Safer, it's free but you will need to register as we just do malware removal on this one.
http://forums.whatthetech.com/index.php?showforum=119

Daren10
2011-01-05, 03:52
OK.

What can we do about the other 2 suspicious files?

C:\WINNT\iihjkj.ini
C:\WINNT\System32\1vP4HsRI.dll

ken545
2011-01-05, 10:59
C:\WINNT\iihjkj.ini <--This one has been removed

C:\WINNT\System32\1vP4HsRI.dll <--This one I think I would just leave be

ken545
2011-01-06, 14:18
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.